If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Im trying to do dns spoofing to redirect dns request (facebook) from target to local ip (192.168.1.64)

In my first attempts i used ettercap, y edited the etter.dns file as follows "*.facebook.com A 192.168.1.64" and then i run the command "ettercap -Tqi wlan1 -P dns_spoof -M arp /192.168.1.78/ /192.168.1.254/"
After that the verified that the man in the middle attack was working correctly as i could capture traffic between the target and the router.
However the dns spoof didnt work, target could enter facebook without trouble.

I rebooted the attacker computer with the native win7 and runned cain & abel. Started the sniffer, selected the target, modified the arp-dns, poisoned, and even though i got full routing the spoofing continued failing.

I switched machines making the apire one the target and booted my macbook with BT 5r3 live CD. did the same procedure and failed.

I seem to be unable to the the dns spoofing and i want to know why

So my question would be: What im i missing? What changes do i need to perform? do i need to modify my network settings?

Thank you all for your help.
I searched the forum for answer and even though there are several treads on this topic none addressed my problem as i seem to fail no matter what program (ettercap, c&a, dnsspoof, etc) i run.

Re: DNS spoofing failing

Hi The router has probable cached the address and can server it up quicker than the attackers replies. You will have to wait 20mins approx without going to the site, or try some random url in ettercap before going to the site.

Re: DNS spoofing failing

Hey! thanks for the advise however it still doesnt work, although i got more info.
I modified the etter.dns like "* A 192.168.1.74" so as to redirect all requests to my attacker, not all pages worked however i typed a random site (blop.com) and it got redirected strangly i did it again (akash.com) and said that it couldnt find the host.
I tried spoofing other sites like wikipedia, grooveshark, gmail, hotmail and other popular websites without luck.

Re: DNS spoofing failing

Thank you for the tip, however that is exactly what i did, i havent managed to make it work yet, however i belive i has something to do with my pc specs... i tried also modifying the etter.conf to run it like root and use ip tables.

i realy dont understand where is the problem...

I did however foundout that while facebook.com doesnt get redirected developers.facebook.com does. My account runs with https (ssl) so perhaps there is a way to use sslstrip with ettercap together...
although i dont know how to do that...
Other thing is that changing the spoofed site to www.bopibloop.com which actually doesnt exists still doesnt get redirected...

Re: DNS spoofing failing

Hey! sorry for the delay in answering...
There has been no progress but im inclined to belive this is has to do with the modem.
Ill try other methods for dns spoof
Ill write back when i figure it out, however i would apreciate suggestions